Re: The value argument to access_allowed, acl_mask, etc.

Yup, there is lots of room for optimization in this area. We could
be smarter about (not) looking at all values when checking ACLs, but
that is more difficult when ACIs are in the mix.

Mark.

> This parameter is used in a few places. First, if is needed when
> checking "self" rights in ACLs.

Oh, yes, "self"...

We are paying a lot for this aren't we? I mean, send_search_entry
is going to loop over every value at every search and each of these
calls is going over the whole ACL set just to get to the precise
same <who> term in the precise same <what> access clause just so
we can do "self"... Not that is has been a cause for worry, but
seems an area for possible optimization. Unless we find more use
for this, of course. Anyway, it seems a little bit overkill for
searches.

Sorry, just disgressing, I am just trying to understand all this.

> Second, it is used in ACIs that
> control access to attributes with certain values.